尝试删除Rails 4 App中的用户时出现以下错误。
Pundit::NotAuthorizedError in UsersController#destroy
not allowed to destroy? this #<User:0x005595f691bd10>
Extracted source (around line #30):
@user = User.find(params[:id])
# debugger
authorize current_user
@user.destroy
redirect_to users_path, :notice => "User deleted."
end
我正在提供用户控制器:
class UsersController < ApplicationController
before_filter :authenticate_user!
before_action :set_menu
def index
@users = User.all.page(params[:page]).per(8)
authorize @users
end
def show
@user = User.find(params[:id])
authorize @user
end
def update
@user = User.find(params[:id])
#authorize @user
if @user.update_attributes(secure_params)
redirect_to users_path, :notice => "User updated."
else
redirect_to users_path, :alert => "Unable to update user."
end
end
def destroy
@user = User.find(params[:id])
authorize @user
@user.destroy
redirect_to users_path, :notice => "User deleted."
end
private
def secure_params
params.require(:user).permit(:role)
end
def set_menu
store_menu("User")
end
end
以下是我的用户模型代码
class User < ActiveRecord::Base
enum role: [:admin,:user]
after_initialize :set_default_role, :if => :new_record?
def set_default_role
self.role ||= :user
end
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable
has_one :customer
# has_one :customer, dependent: :destroy
end
以下是我的用户政策文件
class UserPolicy < ApplicationPolicy
attr_reader :user, :model
def initialize(user, model)
@user = user
@model = model
end
def index?
@user.admin?
end
class Scope < Scope
def resolve
scope
end
end
end
如何解决删除或销毁特定用户操作的错误?
答案 0 :(得分:3)
您应该在for(i = -1; i <=(ssize_t)(all_mem- 2); ++i)
中添加删除方法,如下所示
user_policy.rb让破坏工作。